Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALASPYTHON3_8-2023-007.NASL
HistorySep 27, 2023 - 12:00 a.m.

Amazon Linux 2 : python38 (ALASPYTHON3.8-2023-007)

2023-09-2700:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
amazon linux 2
python38
multiple vulnerabilities
alas2python3.8-2023-007
cve-2020-10735
cve-2022-48566
system availability
compare_digest
hmac.py

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.9%

JSON

The version of python38 installed on the remote host is prior to 3.8.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PYTHON3.8-2023-007 advisory.

  • A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(text), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. (CVE-2020-10735)

  • An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. (CVE-2022-48566)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALASPYTHON3.8-2023-007.
##

include('compat.inc');

if (description)
{
  script_id(181954);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/23");

  script_cve_id("CVE-2020-10735", "CVE-2022-48566");

  script_name(english:"Amazon Linux 2 : python38 (ALASPYTHON3.8-2023-007)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of python38 installed on the remote host is prior to 3.8.15-1. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2PYTHON3.8-2023-007 advisory.

  - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when
    using int(text), a system could take 50ms to parse an int string with 100,000 digits and 5s for
    1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not
    affected). The highest threat from this vulnerability is to system availability. (CVE-2020-10735)

  - An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating
    optimisations were possible in the accumulator variable in hmac.compare_digest. (CVE-2022-48566)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALASPYTHON3.8-2023-007.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-10735.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-48566.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update python38' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-48566");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python38");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python38-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python38-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python38-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python38-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python38-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python38-tkinter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python38-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'python38-3.8.15-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-3.8.15-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-debug-3.8.15-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-debug-3.8.15-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-debuginfo-3.8.15-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-debuginfo-3.8.15-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-devel-3.8.15-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-devel-3.8.15-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-libs-3.8.15-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-libs-3.8.15-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-test-3.8.15-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-test-3.8.15-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-tkinter-3.8.15-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-tkinter-3.8.15-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-tools-3.8.15-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'},
    {'reference':'python38-tools-3.8.15-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python3.8'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python38 / python38-debug / python38-debuginfo / etc");
}
VendorProductVersionCPE
amazonlinuxpython38p-cpe:/a:amazon:linux:python38
amazonlinuxpython38-debugp-cpe:/a:amazon:linux:python38-debug
amazonlinuxpython38-debuginfop-cpe:/a:amazon:linux:python38-debuginfo
amazonlinuxpython38-develp-cpe:/a:amazon:linux:python38-devel
amazonlinuxpython38-libsp-cpe:/a:amazon:linux:python38-libs
amazonlinuxpython38-testp-cpe:/a:amazon:linux:python38-test
amazonlinuxpython38-tkinterp-cpe:/a:amazon:linux:python38-tkinter
amazonlinuxpython38-toolsp-cpe:/a:amazon:linux:python38-tools
amazonlinux2cpe:/o:amazon:linux:2

Related

debiancve 2
nvd 2
ibm 9
redhatcve 2
ubuntu 1
openvas 53
ubuntucve 2
veracode 3
prion 2
amazon 2
cve 2
cvelist 2
nessus 51
osv 16
fedora 24
rocky 2
cbl_mariner 1
redhat 5
slackware 1
wolfi 1
redos 2
cgr 1
almalinux 4
oraclelinux 4
freebsd 1
aix 1
suse 2
mageia 1
debiancve
debiancve
CVE-2022-48566
2023-08-22 19:16:32
CVE-2020-10735
2022-09-09 14:15:08
nvd
nvd
CVE-2022-48566
2023-08-22 19:16:32
CVE-2020-10735
2022-09-09 14:15:08
ibm
ibm
Security Bulletin: Vulnerability in Python affects IBM Process Mining . CVE-2022-48566
2023-10-09 10:53:43
Security Bulletin: Vulnerabilities in Python may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift
2023-05-22 23:42:14
Security Bulletin: This Power System update is being released to address CVE 2020-10735
2024-03-27 20:42:56
redhatcve
redhatcve
CVE-2022-48566
2023-09-13 13:54:09
CVE-2020-10735
2022-09-05 05:58:38
ubuntu
ubuntu
Python vulnerability
2023-09-27 00:00:00
openvas
openvas
Python < 3.6.13, 3.7.x < 3.7.10, 3.8.x < 3.8.7, 3.9.x < 3.9.1 Race Condition Vulnerability (bpo-40791) - Mac OS X
2023-09-20 00:00:00
Ubuntu: Security Advisory (USN-6400-1)
2023-09-27 00:00:00
Python < 3.6.13, 3.7.x < 3.7.10, 3.8.x < 3.8.7, 3.9.x < 3.9.1 Race Condition Vulnerability (bpo-40791) - Linux
2023-09-20 00:00:00
ubuntucve
ubuntucve
CVE-2022-48566
2023-08-22 00:00:00
CVE-2020-10735
2022-09-09 00:00:00
veracode
veracode
Timing Attack
2023-10-10 08:26:44
Timing Attack
2023-08-30 22:30:54
Denial Of Service (DoS)
2022-09-19 16:12:15
prion
prion
Design/Logic Flaw
2023-08-22 19:16:00
Design/Logic Flaw
2022-09-09 14:15:00
amazon
amazon
Medium: python
2024-01-03 21:04:00
Medium: python3
2022-12-01 20:31:00
cve
cve
CVE-2022-48566
2023-08-22 19:16:32
CVE-2020-10735
2022-09-09 14:15:08
cvelist
cvelist
CVE-2022-48566
2023-08-22 00:00:00
CVE-2020-10735
2022-09-09 00:00:00
nessus
nessus
Amazon Linux 2 : python (ALAS-2024-2400)
2024-01-09 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM : Python vulnerability (USN-6400-1)
2023-09-27 00:00:00
EulerOS Virtualization 2.10.0 : python3 (EulerOS-SA-2023-1172)
2023-01-10 00:00:00
osv
osv
python2.7, python3.5 vulnerability
2023-09-27 12:49:54
CVE-2020-10735
2022-09-09 14:15:08
BIT-python-2020-10735
2024-03-06 11:08:16
fedora
fedora
[SECURITY] Fedora 35 Update: python3.7-3.7.14-1.fc35
2022-09-14 01:42:58
[SECURITY] Fedora 37 Update: python3.6-3.6.15-13.fc37
2022-11-10 22:40:39
[SECURITY] Fedora 35 Update: python3.8-3.8.14-1.fc35
2022-09-14 01:43:00
rocky
rocky
python3.9 security update
2022-11-02 13:53:37
python3 security update
2023-02-22 01:08:44
cbl_mariner
cbl_mariner
CVE-2020-10735 affecting package python3 3.7.13-6
2023-06-13 20:02:41
redhat
redhat
(RHSA-2022:7323) Moderate: python3.9 security update
2022-11-02 13:53:37
(RHSA-2022:6766) Moderate: rh-python38-python security update
2022-10-03 15:00:33
(RHSA-2023:2763) Moderate: python38:3.8 and python38-devel:3.8 security update
2023-05-16 05:54:00
slackware
slackware
[slackware-security] python3
2022-09-07 18:45:50
wolfi
wolfi
CVE-2020-10735 vulnerabilities
2024-06-30 03:08:34
redos
redos
ROS-20240614-02
2024-06-14 00:00:00
ROS-20240409-02
2024-04-09 00:00:00
cgr
cgr
CVE-2020-10735 vulnerabilities
2024-05-19 03:07:16
almalinux
almalinux
Moderate: python3.9 security update
2022-11-02 00:00:00
Moderate: python39:3.9 and python39-devel:3.9 security update
2023-05-16 00:00:00
Moderate: python38:3.8 and python38-devel:3.8 security update
2023-05-16 00:00:00
oraclelinux
oraclelinux
python3.9 security update
2022-11-02 00:00:00
python38:3.8 and python38-devel:3.8 security update
2023-05-23 00:00:00
python3 security update
2023-02-22 00:00:00
freebsd
freebsd
Python -- multiple vulnerabilities
2020-03-20 00:00:00
aix
aix
AIX is affected by arbitrary code execution and denial of service due to Python
2022-11-01 10:11:15
suse
suse
Security update for python39 (important)
2022-10-01 00:00:00
Security update for python310 (important)
2022-09-30 00:00:00
mageia
mageia
Updated python3 packages fix security vulnerability
2022-10-08 23:22:22

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.9%

JSON
Related for AL2_ALASPYTHON3_8-2023-007.NASL
debiancve2nvd2ibm9redhatcve2ubuntu1openvas53ubuntucve2veracode3prion2amazon2cve2cvelist2nessus51osv16fedora24rocky2cbl_mariner1redhat5slackware1wolfi1redos2cgr1almalinux4oraclelinux4freebsd1aix1suse2mageia1